@stefano That sounds a lot like the people i've seen in the past doing "security audits" with intent of scaring corporate higher-ups with the highest number of vulnerable systems possible to push their security solution on them.